29 matches found
Frappe Learning Management System 注入漏洞
Frappe Learning Management System is an easy-to-use open-source learning management system developed by Frappe. Versions of the Frappe Learning Management System prior to 2.53.0 had a injection vulnerability. This vulnerability allowed authenticated users to provide malicious content in certain...
CVE-2026-46546
CVE-2026-46546 affects Frappe Learning Management System (LMS) prior to version 2.53.0. An authenticated user could provide specially crafted content in editable fields, which surfaces in page metadata and causes visitors’ browsers to navigate to an attacker‑chosen URL. The issue has been patched...
CVE-2026-39415
Frappe Learning Management System LMS is a learning system that helps users structure their content. Prior to 2.46.0, a vulnerability has been identified in Frappe Learning where quiz scores can be modified by students before submission. The application currently relies on client-side calculated...
CVE-2026-39405
Frappe Learning Management System LMS is a learning system that helps users structure their content. In versions 2.50.0 and below, a user with course editing role could upload a SCORM ZIP package to write files outside the intended directory. This issue has been resolved in version 2.50.1...
CVE-2026-39405
Frappe Learning Management System LMS is a learning system that helps users structure their content. In versions 2.50.0 and below, a user with course editing role could upload a SCORM ZIP package to write files outside the intended directory. This issue has been resolved in version 2.50.1...
EUVD-2026-31177
Frappe Learning Management System LMS is a learning system that helps users structure their content. In versions 2.50.0 and below, a user with course editing role could upload a SCORM ZIP package to write files outside the intended directory. This issue has been resolved in version 2.50.1...
CVE-2026-39415
Frappe Learning Management System LMS is a learning system that helps users structure their content. Prior to 2.46.0, a vulnerability has been identified in Frappe Learning where quiz scores can be modified by students before submission. The application currently relies on client-side calculated...
EUVD-2026-20603
Frappe Learning Management System LMS is a learning system that helps users structure their content. Prior to 2.46.0, a vulnerability has been identified in Frappe Learning where quiz scores can be modified by students before submission. The application currently relies on client-side calculated...
Frappe Learning Management System 安全漏洞
Frappe Learning Management System is an easy-to-use open-source learning management system developed by Frappe. Versions of the Frappe Learning Management System prior to 2.46.0 contained security vulnerabilities. These vulnerabilities stemmed from reliance on client-side calculations for quiz...
EUVD-2026-18462
Frappe Learning Management System LMS is a learning system that helps users structure their content. From version 2.27.0 to before version 2.48.0, Frappe LMS was vulnerable to stored XSS. This issue has been patched in version 2.48.0...
CVE-2026-34606
CVE-2026-34606 concerns Frappe LMS. The vulnerability is a stored XSS affecting Frappe LMS releases from version 2.27.0 up to 2.47.x (i.e., before 2.48.0). The issue has been patched in 2.48.0 . The provided sources do not supply exploit details, affected modules, or specific attack vectors beyon...
CVE-2026-34606 Stored XSS in Frappe LMS
Frappe Learning Management System LMS is a learning system that helps users structure their content. From version 2.27.0 to before version 2.48.0, Frappe LMS was vulnerable to stored XSS. This issue has been patched in version 2.48.0...
CVE-2026-26977
Frappe Learning Management System LMS is a learning system that helps users structure their content. In versions 2.44.0 and below, unauthorized users are able to access the details of unpublished courses via API endpoints. A fix for this issue is planned for the 2.45.0 release...
CVE-2026-26031 Frappe LMS affected by unauthorised user was able to access the full list of batch enrolled students
Frappe Learning Management System LMS is a learning system that helps users structure their content. Prior to 2.44.0, security issue was identified in Frappe Learning, where unauthorised users were able to access the full list of enrolled students by email in batches. This vulnerability is fixed ...
PT-2026-7726
Name of the Vulnerable Software and Affected Versions Frappe Learning Management System versions prior to 2.44.0 Description A security issue was identified in Frappe Learning Management System where unauthorized users could access the full list of enrolled students, including their email...
CVE-2026-23497
Frappe Learning Management System LMS is a learning system that helps users structure their content. In 2.44.0 and earlier, there is a stored XSS vulnerability where a specially crafted image filename could execute malicious JavaScript when rendered on course or jobs pages...
CVE-2026-23497 Frappe LMS has a Stored XSS via Unsanitized Image Filename in Course and Jobs Pages
Frappe Learning Management System LMS is a learning system that helps users structure their content. In 2.44.0 and earlier, there is a stored XSS vulnerability where a specially crafted image filename could execute malicious JavaScript when rendered on course or jobs pages...
PT-2026-2948
Name of the Vulnerable Software and Affected Versions Frappe Learning Management System versions prior to 2.44.0 Description Frappe Learning Management System LMS contains a stored cross-site scripting XSS issue. A crafted image filename can trigger malicious JavaScript execution when displayed o...
CVE-2025-67734
Frappe Learning Management System LMS is a learning system that helps users structure their content. Versions prior to 2.42.0 allowed authenticated attackers to enter JavaScript through the Company Website field of the Job Form, exposing users to an XSS attack. The script could then be executed i...
CVE-2025-67730
Frappe Learning Management System LMS is a learning system that helps users structure their content. Versions prior to 2.42.0 allow authenticated users to add malicious HTML and JavaScript through description fields in the Job, Course and Batch forms. This issue is fixed in version 2.42.0...